Browser Exploitation Framework
Developer(s): Wade Alcorn and others
Stable release: 0.4.5.0 / 25 April 2014
The Browser Exploitation Framework (BeEF) is an open-source penetration testing tool used to test and exploit web application and browser-based vulnerabilities. BeEF provides the penetration tester with practical client-side attack vectors. It leverages web application and browser vulnerabilities to assess the security of a target and carry out further intrusions. The project is developed for lawful research and penetration testing; in practice, like many information security tools, BeEF is used for both legitimate and unauthorized activities.
BeEF hooks one or more web browsers as beachheads for the launching of directed command modules. Each browser is likely to be within a different security context, and each context may provide a set of unique attack vectors.
BeEF can be extended both through the extension API, which allows changes to the way BeEF itself works, and through addition of modules, which add features with which to control "hooked" browsers.
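As an added example, not part of the article or of the BeEF project, the following Python scans constructed proxy log lines for two signs that a browser on the network has been hooked. The hook script path and cookie name used here are assumed BeEF defaults and are not stated on this page; an operator can change both, so they are weak signals to be tuned per environment.

```python
import re
from collections import defaultdict

# Assumed indicators (not from the article): BeEF's default hook script
# path and session cookie name. Both are configurable on the BeEF server,
# so a miss here is not proof of a clean browser.
HOOK_PATH = "/hook.js"
HOOK_COOKIE = "BEEFHOOK"

# Constructed proxy log format: ts client METHOD url status [cookie="..."]
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3})(?: cookie="(?P<cookie>[^"]*)")?$'
)

def url_path(url):
    """Return the path component of an absolute URL, without the query string."""
    rest = url.split("://", 1)[-1]
    path = rest[rest.find("/"):] if "/" in rest else "/"
    return path.split("?", 1)[0]

def scan(lines):
    """Return {client: set(reasons)} for clients showing BeEF hook indicators."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:  # malformed line: skip it rather than abort the scan
            continue
        client, url = m["client"], m["url"]
        # Exact path match, so "/jquery.hook.js" does not trigger a false positive
        if url_path(url) == HOOK_PATH:
            hits[client].add("hook script requested")
        cookie = m["cookie"] or ""
        # Cookie name must start a cookie pair, not appear inside another value
        if re.search(rf'(?:^|;\s*){re.escape(HOOK_COOKIE)}=', cookie):
            hits[client].add("hook session cookie sent")
    return dict(hits)

# Constructed sample traffic (not real log data).
SAMPLE_LOG = [
    '2024-01-01T10:00:00Z 10.0.0.5 GET http://intranet.example/index.html 200',
    '2024-01-01T10:00:01Z 10.0.0.5 GET http://203.0.113.7:3000/hook.js 200',
    '2024-01-01T10:00:02Z 10.0.0.5 GET http://203.0.113.7:3000/cmd?x=1 200 cookie="BEEFHOOK=abc; lang=en"',
    '2024-01-01T10:00:03Z 10.0.0.9 GET http://cdn.example/jquery.hook.js 200',
    'garbage line',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG).items():
        print(client, sorted(reasons))
```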
The commands and features that come with BeEF include, but are not limited to:
- changing URLs of links on the target page
- redirecting the victim's browser to an arbitrary site
- causing dialog boxes to appear that attempt to collect information from the user
- browser fingerprinting
- uploading arbitrary files from the victim's device
- detecting valid sessions with selected applications such as Twitter, Facebook and Gmail
- a modular framework that allows addition of custom browser exploitation commands
- an extension API that allows users to change BeEF's core behavior
- keystroke logging
- browser proxying
- integration with Metasploit
- plugin detection
- intranet service exploitation
- PhoneGap modules
- hooking through QR codes
- social engineering modules that spur user responses such as entering sensitive data and responding to reminders to update software
- a RESTful API that allows control of BeEF through HTTP requests (JSON format)